As many of you are aware Oracle has changed their licensing for Java 1.8 and making it a pay to play for all commercial purposes. Here’s a link to the licensing announcement. I’m not a lawyer and I’m not going to pretend that I understand these licensing agreements. But Oracle and Adobe (or their lawyers I presume) do understand these and as such there are changes to note. On January 24th Adobe announced that Adobe will maintain support. via a […]
The first month of 2019 has passed and it was full of year end wrap up articles about anything and everything from 2018. Most were fluff articles on pop culture and such. What I found most interesting were the articles that quantified the past year of hacking and security breaches. According to NBC News, Hackers stole nearly half a billion personal records in 2018. There were fewer breaches, but the breaches were bigger and worse and more data than ever was stolen. Crypto-miners have improved as well and not in a good way.
Today’s short note is brought to you by “Don’t Do That On Production!” At CF Webtools often times we get called in to help troubleshoot servers that are failing to perform well. We often hear the same sort of symptoms that goes like this. The server has been running fine for months then suddenly for no reason it’s slow, CPU usage is high, and it hangs or crashes multiple times per day. This always prompts us to ask the same […]
A short note to alert everyone that ColdFusionBloggers.org is back online and back to aggregating your blog posts. The great Raymond Camden created this awesome resource and technically it will always be his. I happen to be the current caretaker if you will of this valuable service. If anyone was wondering why Ray decided to step away from ColdFusion Bloggers, see his blog post here. I reached out to Ray and he granted me the ‘keys’ so to speak. Thank […]
At CF Webtools we recently went through a round of server upgrades to handle the Authorize.net ending support for older TLS versions. Now USPS, United State Postal Service, is doing the same thing with their Shipping APIs. This is going to be happening for all API’s and most likely all this year as PCI requirements for ending support for TLS 1.1 and older at the end of June 2018. This is according to the PCI Security Standards Council. USPS will […]
Adobe released important security updates and big fixes today, update 6 and update 14 for ColdFusion 2016 and ColdFusion 11 respectively. These updates resolve an important insecure library loading vulnerability (CVE-2018-4938), an important cross-site scripting vulnerability that could lead to code injection (CVE-2018-4940) and an important cross-site scripting vulnerability that could lead to information disclosure (CVE-2018-4941). These updates also include a mitigation for a critical unsafe Java deserialization vulnerability (CVE-2018-4939) and a mitigation for a critical unsafe XML parsing vulnerability […]
This is a brief follow up to my previous article on Hacking for Bitcoins in which I detailed how servers were being hijacked with cryptocurrency miners and using your servers CPU power to mine for Bitcoins or other blockchain cryptocurrencies. This is an updated twist on that hack. I saw this Ars Technica article today and it points out that the newer twist is to inject code into your websites code and then process cryptocurrency mining on your website user’s […]
I have seen a lot more people asking questions about making SFTP or FTPS secure connections from ColdFusion using the <CFFTP> tag. They are trying to figure out why they cannot make a connection. Often the error is “Algorithm negotiation fail” or “Connection Error”. People are posting their questions on many support forums including Adobes forums and their new ColdFusion Community Portal. This is a problem people are experiencing in ColdFusion 10 and ColdFusion 11. In the last few years […]
This is something that might not come up often, but every once in a while we have to connect to a Sybase database. This is a built in feature in the Enterprise version of ColdFusion. However, if you have the Standard version of ColdFusion you have to manually add the JDBC jar file and build the connection string by hand. This is easy to do once you have the correct information and correct format of the connection string. Finding that […]
At CF Webtools we have been preparing for this inevitable day for the past few years. We’ve been upgrading our clients servers and services to handle TLS 1.2 calls to Authorize.Net and other third party processors for a while now. Recently Authorize.Net announced a “Temporary Disablement of TLS 1.0/1.1” for “a few hours on January 30, 2018 and then again on February 8, 2018.” This is in preparation for the final disablement of TLS1.0/1.1 on February 28, 2018. As you […]
Originally posted at https://www.coldfusionmuse.com/index.cfm/2017/11/27/ColdFusion-MailSpoolService-Performance In my last article about the Adobe ColdFusion MailSpoolService I mentioned that I was going to try to get specifics on expected performance in the Standard Edition vs Enterprise edition of the MailSpoolService. Adobe has not respond to my requests with actual data. While attending the ColdFusion Summit 2017 I tried to get a clear answer from any of the Adobe ColdFusion engineering team members that were at the conference. They didn’t know the answer. Because I […]
I’ve seen a few different ColdFusion 11 Standard servers that have been sending duplicate emails. We’ve had several clients at CF Webtools reporting this issue and over time I’ve had to research this to try to determine how this is happening. During my investigations, I’ve been able to see this behavior happen on each of the servers in question. The obvious response that I’ve see from Adobe and others is that code must be creating to emails in error. However, […]